Saturday, August 11, 2018

This is prompted by a great XKCD on the subject: https://xkcd.com/2030/

The thing is, no matter how sure you are that the software is sound, 1) incredibly often there are more vulnerabilities you never imagined, and 2) how do you know it's really "the" software that's being run? No matter how well it's audited, there's always another possible layer on top acting as a man in the middle. (See Star Trek TNG's "Ship in a Bottle" for a great illustration of this.)

The bottom line is, it'll always be much harder to hack a ton of individual people and mechanical machines than a bunch of computers.

The only good solution I've heard to this is to provide everyone with a voting receipt that connects their vote to an anonymized unique ID number, then let them separately check their vote against the official voting results database any time after the polls close. That wouldn't stop hacking at all, but it would make it much harder to go undetected.
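To make the "harder to go undetected" point concrete, here is a small simulation of the receipt check, added as an illustration and not part of the original post. All function names are hypothetical, the ballots and the tampering are constructed sample data, and it assumes each voter independently looks up their receipt with a fixed probability.

```python
import random
import secrets

def cast_votes(choices):
    """Issue each voter a random receipt ID; return (receipts, ledger)."""
    receipts = []   # what each voter takes home: (receipt_id, choice)
    ledger = {}     # what officials publish after the polls close
    for choice in choices:
        rid = secrets.token_hex(8)  # random ID, carries no voter identity
        receipts.append((rid, choice))
        ledger[rid] = choice
    return receipts, ledger

def tamper(ledger, flips, new_choice, rng):
    """Constructed tampering: rewrite `flips` published records to new_choice."""
    altered = dict(ledger)
    candidates = [rid for rid, c in ledger.items() if c != new_choice]
    for rid in rng.sample(candidates, flips):
        altered[rid] = new_choice
    return altered

def mismatches(receipts, published, check_rate, rng):
    """Receipt IDs whose holder checked and found a missing or changed vote."""
    found = []
    for rid, choice in receipts:
        if rng.random() < check_rate and published.get(rid) != choice:
            found.append(rid)
    return found

def detection_probability(flips, check_rate):
    """Chance that at least one of `flips` altered records gets checked."""
    return 1 - (1 - check_rate) ** flips

if __name__ == "__main__":
    rng = random.Random(2018)  # fixed seed so the run is repeatable
    receipts, ledger = cast_votes(["A"] * 600 + ["B"] * 400)  # constructed ballots
    published = tamper(ledger, flips=150, new_choice="B", rng=rng)
    reported = mismatches(receipts, published, check_rate=0.05, rng=rng)
    print("voters reporting a mismatch:", len(reported))
    for flips in (1, 10, 150):
        print(flips, "altered ->", round(detection_probability(flips, 0.05), 4))
```

With only 5% of voters checking, a single altered record is caught 5% of the time, but altering enough records to swing this constructed 600-to-400 result is caught with near certainty.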

A (to my mind, overconfident) counterpoint to the comic is at https://www.google.com/amp/s/securityboulevard.com/2018/08/that-xkcd-on-voting-machine-software-is-wrong/amp/